News

General Data Protection Regulations (GDPR) is new EU legislation that comes into effect on May 25th 2018

November 8, 2018

It very clearly sets out the ways in which the privacy rights of every EU citizen must be protected and the ways in which a person’s ‘Personal Data’ can and can’t be used. It places the onus on the person or entity that collects a person’s information (Data Controller) to comply with the legislation and to demonstrate compliance.

What is Data Protection? 

• Data Protection legislation is intended to protect the right to privacy of individuals (all of us) and seeks to ensure that Personal Information is used appropriately by third parties that may have it (Data Controllers). 

• In essence Data Protection relates to any information that can be used to identify a living person such as Name, Date of Birth, Address, Phone Number, Email address, Membership Number, IP Address, photographs etc 

• There are other categories of information which currently are defined as Sensitive Personal Data which require more stringent measures of protection and these categories include religion, ethnicity, sexual orientation, trade union membership, medical information etc.

Data Protection can be summarised in the following 8 ‘rules’

You must … 

1. Obtain and process the information fairly 

2. Keep it only for one or more specified and lawful purposes 

3. Process it only in ways compatible with the purposes for which it was given to you initially 

4. Keep it safe and secure 

5. Keep it accurate and up-to-date 

6. Ensure that it is adequate, relevant and not excessive 

7. Retain it no longer than is necessary for the specified purpose or purposes 

8. Give a copy of his/her personal data to any individual, on request

What does Data Protection Legislation mean to me? 

• The legislation sets out rules about how this information (personal Information) can be obtained, how it can be used and how it is stored. 

• Every person must give their consent for their data to be collected and processed for a specific purpose which must be communicated to them at the time the data is obtained. 

• They must specifically Opt-In and must be allowed to Opt-Out at any time. They must also be given the opportunity to review the consent they have given on a regular basis (i.e. Yearly) 

• Data must be kept safe and secure and must be kept accurate and up to date 

• An Individual can request a copy of all of the personal information held about them (this is called a Subject Access Request) and must be allowed to have all of their data deleted or returned to them, if they so wish.

Further Information on the GDPR Changes can be found at:

http://www.gaa.ie/news/data-protection/

http://www.gaa.ie/my-gaa/administrators/ensuring-gdpr-compliance

http://www.moynalveygfc.ie/club-news/gaa-news/2259-general-data-protection-regulations-gdpr-is-new-eu-legislation-that-comes-into-effect-on-may-25th-2018.html

 

On another note – from 23rd January the GAA will launch it's own Mobile Phone/Device App (GAA are working in conjunction with the GAA Database Provider Servasport to launch this)

1) Members whose mobile No. is already on our Club GAA Database may receive notifications through the APP from the club (Optional)

2) Members may receive News Notifications from the GAA via the APP

3) Members may pay their Membership through the App (GAA are working with Payment Provider "Stripe" to launch this)

4) Members may be able to access their GAA Membership No. through the App

5) All of the above will also be in conjunction with the above GDPR change – Members will be asked for their consent when inputting personal info through the App on their mobile devices